X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=blobdiff_plain;f=gcrypt.c;h=694c0adb8454b73dc0e5b67876fc7a03617b61d0;hp=8d6db3490db95057b32168c3302fd0e2a0ee4e48;hb=d6b25bf854c164021550dfa8ff9fb4cfb104582e;hpb=ab98d5b8b03e0e2fdcf010fc8f6a6b0ab8f87564

diff --git a/gcrypt.c b/gcrypt.c
index 8d6db349..694c0adb 100644
--- a/gcrypt.c
+++ b/gcrypt.c
@@ -56,7 +56,7 @@ void get_random_bytes_or_die(unsigned char *buf, int num)
  * call to gcry_check_version() initializes the gcrypt library and checks that
  * we have at least the minimal required version.
  */
-void init_random_seed_or_die(void)
+void crypt_init(void)
 {
 	const char *req_ver = "1.5.0";
 	int seed;
@@ -66,10 +66,29 @@ void init_random_seed_or_die(void)
 			req_ver, gcry_check_version(NULL));
 		exit(EXIT_FAILURE);
 	}
+
+	/*
+	 * Allocate a pool of secure memory. This also drops privileges where
+	 * needed.
+	 */
+	gcry_control(GCRYCTL_INIT_SECMEM, 65536, 0);
+
+	/* Tell Libgcrypt that initialization has completed. */
+	gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0);
+
 	get_random_bytes_or_die((unsigned char *)&seed, sizeof(seed));
 	srandom(seed);
 }
 
+void crypt_shutdown(void)
+{
+	/*
+	 * WK does not see a way to apply a patch for the sake of Valgrind, so
+	 * as of 2018 libgrypt has no deinitialization routine to free the
+	 * resources on exit.
+	 */
+}
+
 /** S-expression for the public part of an RSA key. */
 #define RSA_PUBKEY_SEXP "(public-key (rsa (n %m) (e %m)))"
 /** S-expression for a private RSA key. */
@@ -218,7 +237,7 @@ static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn,
 	PARA_DEBUG_LOG("bn_size %d (0x%x)\n", bn_size, (unsigned)bn_size);
 	gret = gcry_mpi_scan(bn, GCRYMPI_FMT_STD, cp, bn_size, NULL);
 	if (gret) {
-		PARA_ERROR_LOG("%s while scanning n\n",
+		PARA_ERROR_LOG("gcry_mpi_scan: %s\n",
 			gcry_strerror(gcry_err_code(gret)));
 		return-E_MPI_SCAN;
 	}